HumanTrue's Privacy Policy

Effective Date: June 3, 2025
Last updated: June 3, 2025

At HumanTrue, your privacy is important to us. This Privacy Policy explains how we handle information, including Protected Health Information (PHI), in accordance with HIPAA, even though our services are designed not to require PHI.

Who We Are

HumanTrue is a technology platform that supports clinical trial operations. We are HIPAA-aligned and operate as a Business Associate only when required. However, our platform is built to function without any need for PHI.

No PHI Required

HumanTrue does not require PHI to operate effectively. Our system is designed to support protocol understanding, content generation, and clinical trial workflows using non-identifiable trial data such as study designs, eligibility criteria, and procedural schedules.

Please do not upload, enter, or transmit PHI into the HumanTrue platform.

If your use case involves PHI, you must first execute a Business Associate Agreement (BAA) with us. Without a BAA in place, uploading PHI is strictly prohibited.

How We Use Information

We may process structured clinical trial content (like protocol documents or templates), but we do not collect or use any patient-identifiable information.

We never use data for marketing, advertising, or unrelated analytics.

Use of AI Technologies

HumanTrue uses AI technologies to support protocol comprehension and clinical trial content generation. These AI models are hosted in secure, enterprise-controlled environments.

We do not send any customer data to publicly hosted or consumer-grade AI services (e.g., OpenAI, Anthropic). All AI processing is handled in ways that ensure data confidentiality and compliance with HIPAA and SOC 2 standards.

Model providers and infrastructure vendors never have access to your data. We maintain strict controls and review all vendors under our third-party risk management program.

How We Protect Your Information

Even though PHI is not required, we follow strong security and privacy practices, including:

  • Encryption of all data in transit and at rest
  • Access controls that restrict access to authorized personnel only
  • Audit logging and monitoring
  • Employee training on HIPAA-aligned practices

All data is processed in secure, cloud-based environments—there are no physical servers or on-prem systems.

Sharing and Disclosure

We do not sell or rent data to third parties.

We may share limited data with authorized subprocessors only when necessary to provide the service, and only under strict contractual and confidentiality agreements. We do not share or disclose PHI unless we have a signed BAA and it is explicitly permitted.

Breach Notification

If we ever identify a potential data breach, we will follow our internal breach notification procedures and notify the appropriate parties in accordance with applicable laws and contractual terms.

Your Responsibilities

To help maintain privacy and compliance:

  • Do not upload or input PHI into HumanTrue unless a BAA is in place
  • Ensure that any documents you submit are free of patient identifiers unless otherwise authorized

Contact

If you have questions or need to discuss a use case involving PHI, please contact us at: privacy@humantrue.com.